DSA Fingerprints...
Damien Miller
djm at mindrot.org
Thu Feb 8 08:30:21 EST 2001
On Wed, 7 Feb 2001, Darren Moffat wrote:
> > Last question... Given SecureDNS as a predicate (ok... Oxymoron
> >with most of the DNS out there, but I have several in several zones.) and
> >given that we can publish keys in the DNS, can OpenSSH use them to validate
> >the host keys? I can do this with FreeS/WAN (Linux IPSec) where I specify
> >to use the host public key from DNS, I was just wondering if that is
> >possible or planned for SSH as well. For zones under my total control,
> >that simplifies my host key management immensely (which is a point in
> >the KS paper).
>
> Currently under discussion in the IETF working group just now as
>
> draft-griffin-ssh-host-keys-in-dns-00.txt
>
> Go to www.ietf.org to get a copy of the text

I don't know if it is related, but these guys have a working implementation
of OpenSSH with DNSSEC key retrieval:
http://www.cs.jhu.edu/~smang/sshproject.html
-d
--
| ``We've all heard that a million monkeys banging on | Damien Miller -
| a million typewriters will eventually reproduce the | <djm at mindrot.org>
| works of Shakespeare. Now, thanks to the Internet, /
| we know this is not true.'' - Robert Wilensky UCB / http://www.mindrot.org